• Kubernetes: nginx ingress controller - failed calling webhook

    3 min read

    kubernetes nginx-controller service "ingress-nginx-controller-admission"

    On a kubernetes cluster you might find the following error:

    $ kubectl apply -f ingress.yaml 
    Error from server (InternalError): error when creating "ingress": Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1beta1/ingresses?timeout=10s: service "ingress-nginx-controller-admission" not found
    

    26/02/2021

  • Ingress API changes from beta to GA

    2 min read

    kubernetes Ingress extensions/v1beta1 networking.k8s.io/v1

    In Kubernetes it has become common practice to use objects that are not yet GA. For instance, the Kubernetes team graduated the Ingress API to general availability (GA) in the 1.19 release (September 25th, 2020), although it was first introduced in 2015. But there's one drawback that we really need to be aware of: using an alpha or beta API means that the interface might change and, for Ingress, it did change.

    Let's take this Ingress yaml using extensions/v1beta1 as an example:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: beta-ingress
      annotations:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/scheme: internal
        alb.ingress.kubernetes.io/target-type: ip
    spec:
      rules:
        - http:
            paths:
              - backend:
                  serviceName: example
                  servicePort: 8080
                path: /*
    

    If we try to apply it on a 1.19+ kubernetes cluster, we will get a warning message like this:

    $ kubectl apply -f beta-ingress.yaml
    Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
    ingress.extensions/testingress created
    

    25/02/2021

  • Helm: How to wait for the deployment before assuming it has succeeded

    4 min read

    helm kubernetes wait

    When you upgrade your application using helm, all it really does is apply the upgrades to the deployments and other objects. If your new deployment fails to start for some reason (such as a missing image), you won't notice it until you actually check the Kubernetes cluster.

    The helm install and upgrade commands include a couple of options to assist in checking the deployments: --wait and --timeout.

    24/02/2021

  • kubernetes Deployments hands-on: Pod recovery

    2 min read

    kubernetes deployment recovery hands-on

    When we create a deployment we set how many replicas we want for that pod, but what happens if we delete one of the pods?

    23/02/2021

  • Set host header for livenessProbe and readinessProbe

    2 min read

    kubernetes livenessProbe readinessProbe host header

    Some apps might rely on the Host header to deliver the right content. For example, it is quite common for Django apps to require a specific Host header in order to send a response. Luckily for these kinds of applications, we can actually configure livenessProbe and readinessProbe to send a Host header.

    22/02/2021

  • Kubernetes Security Context: set uid for a Pod

    2 min read

    kubernetes pod security uid user group securityContext

    By default, any container that we launch will run as root. Most of the processes we launch don't really need, for example, to be able to install packages on the container. We can reduce its privileges by setting the SecurityContext at the Pod level or at the container level.

    19/02/2021

  • Using kubectl exec to run an interactive shell on an existing pod

    2 min read

    pod interactive kubernetes exec

    It's quite common to have at least a shell installed on the containers, since its footprint is in the kB range. Let's check how to get an interactive shell on a running Pod. In case the pod we want to connect to is just using one container, like in this example:

    $ kubectl get pods 
    NAME                                     READY   STATUS      RESTARTS   AGE
    pet2cattle-s3sync-5f9b9486cf-nznph       1/1     Running     0          2m20s
    

    18/02/2021

  • Error syncing load balancer: failed to ensure load balancer: could not find any suitable subnets for creating the ELB

    2 min read

    If we try to create a LoadBalancer on an AWS EKS cluster without any public subnet, it will get stuck in the pending state and we won't get any external IP/DNS name for it. By using kubectl describe we will be able to get the actual error:

    $ kubectl get svc -n pet2cattle
    NAME      TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
    demo-lb   LoadBalancer   172.20.235.213   <pending>     80:30525/TCP   7d
    $ kubectl describe svc demo-lb -n pet2cattle 
    Name:                     demo-lb
    Namespace:                pet2cattle
    Labels:                   <none>
    Annotations:              <none>
    Selector:                 run=demo-lb
    Type:                     LoadBalancer
    IP Families:              <none>
    IP:                       172.20.166.181
    IPs:                      <none>
    Port:                     <unset>  80/TCP
    TargetPort:               80/TCP
    NodePort:                 <unset>  30088/TCP
    Endpoints:                10.236.124.69:80,10.236.126.253:80
    Session Affinity:         None
    External Traffic Policy:  Cluster
    Events:
      Type     Reason                  Age                From                Message
      ----     ------                  ----               ----                -------
      Normal   EnsuringLoadBalancer    12s (x3 over 27s)  service-controller  Ensuring load balancer
      Warning  SyncLoadBalancerFailed  12s (x3 over 27s)  service-controller  Error syncing load balancer: failed to ensure load balancer: could not find any suitable subnets for creating the ELB
    

    17/02/2021

  • terraform: AWS provider - missing region

    1 min read

    We might face the following error when trying to apply terraform:

    $ terraform plan
    Acquiring state lock. This may take a few moments...
    
    Error: Missing required argument
    
    The argument "region" is required, but was not set.
    
    Releasing state lock. This may take a few moments...
    

    16/02/2021

  • terraform: use replace() function in a list

    1 min read

    terraform replace list for

    To replace a substring in terraform we have the replace() function, but this function can only be applied to a string, not a list of strings. How do we replace, for example, http with https in the following list of strings?

    input = [ "http://systemadmin.es", "http://pet2cattle.com" ]
    

    15/02/2021



From pet to cattle
Treat your kubernetes clusters like cattle, not pets